Skip to main content

Java Secure coding guidlines

 Java Secure coding guidelines

1. Use Security Api's.
2. Always Close open resources use Try with Resources.
3. Use Class Loaders and Policy's for fine grain access
4. Always validate input format and input data .
5. Never grant unnecessary permission to third party code.
6. Never ignore exceptions  
7. Avoid duplications.
8. Document Security Information 
9. Encapsulate your changes.
10. Write Clear Code.
11. Do not log config information of your app.
12. Do not serialize security Codes.
13. Always do negative Testing against your code.
14. Use known and tested libraries
15. Always use prepared statements to handle SQL parameters.
16. Don't reveal implementation via complete error messages example userid failed or password failed.
17. Keep security releases up to date.
18. Look for dependency vulnerabilities.
19  Monitor and log user activity for brute force attack and denial of service.



Comments

Post a Comment

Popular posts from this blog

Maximo Interview Questions - Maximo Technical and Functional Questions

Technical Questions How do you rate your self in :- 1. PL/SQL 2. Java 3. Automation Script 4. Mbo Customization 5. Admininstration Jobs 6. Funtional Concepts 7. Maximo Configuration Do not rate anything less than 7 unless you don't want interview to skip the topic Deployment / Administration  1. Explain LDAP integration? 2. Explain SSO and LTPA token? 3. What is global security? 4. How session is managed in Websphere or Maximo? 16. How to insert attributes from Backend? 5. How request is passed in Maximo? 6. How to do horizontal and vertical clustering? 7. Explain how you confire websphere for maximo manually? 8. What are Websphere MQ? 9. What is JMS, Connection Factory and Queues? 10. What is difference between vmm and ldap sync integration ? 11. What is Standalone and federated repository? 12. How to install a new language in Maximo? 13. What are the steps to apply a Fix pack in Maximo, Websphere or DB2? 14. Have you worked on any performance checking tools? 15...
3 comments
Read more

Maximo Bean Class Methods

Methods of Bean Classes of Maximo Reset Method   This method is called when a new filter is applied for the dialog's MboSet.  @see psdi.webclient.system.beans.DataBean#reset()     @Override     public void reset() throws MXException     {             try         {                 saveCurrentSelection();         }         catch (RemoteException e)         {             handleRemoteException(e);         }         super.reset();     } Initialize It is used to initialize values on a d...
3 comments
Read more

Integration Control

Integration control used in making conditions for processing  provides a way to match xml field or object field with particular value. We have 4 types of integration control 1. Value 2.List 3. XRef 4.Boolean Value control is used to compare with single value. List control is used to compare with list of values which may come from domains. Boolean control is true or false value used to compare yorn field I personally never used it. XRef control i.e cross reference control is used to to swap values foe example we have different orgid in other system than we can define cross reference control inorder to translate. We create cross reference control and associate it with enterprise service or publish channel. We can also override these values at external system level.
2 comments
Read more